77 lines
3.4 KiB
JavaScript
77 lines
3.4 KiB
JavaScript
|
"use strict";
|
||
|
Object.defineProperty(exports, "__esModule", { value: true });
|
||
|
exports.decorateDefaultCredentialProvider = exports.getDefaultRoleAssumerWithWebIdentity = exports.getDefaultRoleAssumer = void 0;
|
||
|
const AssumeRoleCommand_1 = require("./commands/AssumeRoleCommand");
|
||
|
const AssumeRoleWithWebIdentityCommand_1 = require("./commands/AssumeRoleWithWebIdentityCommand");
|
||
|
const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
|
||
|
const decorateDefaultRegion = (region) => {
|
||
|
if (typeof region !== "function") {
|
||
|
return region === undefined ? ASSUME_ROLE_DEFAULT_REGION : region;
|
||
|
}
|
||
|
return async () => {
|
||
|
try {
|
||
|
return await region();
|
||
|
}
|
||
|
catch (e) {
|
||
|
return ASSUME_ROLE_DEFAULT_REGION;
|
||
|
}
|
||
|
};
|
||
|
};
|
||
|
const getDefaultRoleAssumer = (stsOptions, stsClientCtor) => {
|
||
|
let stsClient;
|
||
|
let closureSourceCreds;
|
||
|
return async (sourceCreds, params) => {
|
||
|
closureSourceCreds = sourceCreds;
|
||
|
if (!stsClient) {
|
||
|
const { logger, region, requestHandler } = stsOptions;
|
||
|
stsClient = new stsClientCtor({
|
||
|
logger,
|
||
|
credentialDefaultProvider: () => async () => closureSourceCreds,
|
||
|
region: decorateDefaultRegion(region || stsOptions.region),
|
||
|
...(requestHandler ? { requestHandler } : {}),
|
||
|
});
|
||
|
}
|
||
|
const { Credentials } = await stsClient.send(new AssumeRoleCommand_1.AssumeRoleCommand(params));
|
||
|
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
|
||
|
throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
|
||
|
}
|
||
|
return {
|
||
|
accessKeyId: Credentials.AccessKeyId,
|
||
|
secretAccessKey: Credentials.SecretAccessKey,
|
||
|
sessionToken: Credentials.SessionToken,
|
||
|
expiration: Credentials.Expiration,
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
exports.getDefaultRoleAssumer = getDefaultRoleAssumer;
|
||
|
const getDefaultRoleAssumerWithWebIdentity = (stsOptions, stsClientCtor) => {
|
||
|
let stsClient;
|
||
|
return async (params) => {
|
||
|
if (!stsClient) {
|
||
|
const { logger, region, requestHandler } = stsOptions;
|
||
|
stsClient = new stsClientCtor({
|
||
|
logger,
|
||
|
region: decorateDefaultRegion(region || stsOptions.region),
|
||
|
...(requestHandler ? { requestHandler } : {}),
|
||
|
});
|
||
|
}
|
||
|
const { Credentials } = await stsClient.send(new AssumeRoleWithWebIdentityCommand_1.AssumeRoleWithWebIdentityCommand(params));
|
||
|
if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
|
||
|
throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
|
||
|
}
|
||
|
return {
|
||
|
accessKeyId: Credentials.AccessKeyId,
|
||
|
secretAccessKey: Credentials.SecretAccessKey,
|
||
|
sessionToken: Credentials.SessionToken,
|
||
|
expiration: Credentials.Expiration,
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
exports.getDefaultRoleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity;
|
||
|
const decorateDefaultCredentialProvider = (provider) => (input) => provider({
|
||
|
roleAssumer: (0, exports.getDefaultRoleAssumer)(input, input.stsClientCtor),
|
||
|
roleAssumerWithWebIdentity: (0, exports.getDefaultRoleAssumerWithWebIdentity)(input, input.stsClientCtor),
|
||
|
...input,
|
||
|
});
|
||
|
exports.decorateDefaultCredentialProvider = decorateDefaultCredentialProvider;
|